summaryrefslogtreecommitdiff
path: root/data/live-build-config/includes.chroot
diff options
context:
space:
mode:
Diffstat (limited to 'data/live-build-config/includes.chroot')
-rw-r--r--data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry20
-rw-r--r--data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md13
2 files changed, 21 insertions, 12 deletions
diff --git a/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry b/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry
new file mode 100644
index 00000000..49f4afc4
--- /dev/null
+++ b/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry
@@ -0,0 +1,20 @@
+menuentry "VyOS (KVM console)" {
+ linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=ttyS0,115200 console=tty0
+ initrd /boot//initrd.img
+}
+
+menuentry "VyOS (Serial console)" {
+ linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=tty0 console=ttyS0,115200
+ initrd /boot//initrd.img
+}
+
+menuentry "Lost password change (KVM console)" {
+ linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=ttyS0,115200 console=tty0 init=/opt/vyatta/sbin/standalone_root_pw_reset
+ initrd /boot//initrd.img
+}
+
+menuentry "Lost password change (Serial console)" {
+ linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=tty0 console=ttyS0,115200 init=/opt/vyatta/sbin/standalone_root_pw_reset
+ initrd /boot//initrd.img
+}
+
diff --git a/data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md b/data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
index 5a6edbba..abaaa97a 100644
--- a/data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
+++ b/data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
@@ -6,17 +6,6 @@ Create Certificate Authority used for Kernel signing. CA is loaded into the
Machine Owner Key store on the target system.
```bash
-openssl req -new -x509 -newkey rsa:2048 -keyout MOK.key -outform DER -out MOK.der -days 36500 -subj "/CN=VyOS Secure Boot CA/" -nodes
+openssl req -new -x509 -newkey rsa:4096 -keyout MOK.key -outform DER -out MOK.der -days 36500 -subj "/CN=VyOS Secure Boot CA/" -nodes
openssl x509 -inform der -in MOK.der -out MOK.pem
```
-
-## Kernel Module Signing Key
-
-We do not make use of ephemeral keys for Kernel module signing. Instead a key
-is generated and signed by the VyOS Secure Boot CA which signs all the Kernel
-modules during ISO assembly if present.
-
-```bash
-openssl req -newkey rsa:2048 -keyout kernel.key -out kernel.csr -subj "/CN=VyOS Secure Boot Signer 2024 - linux/" -nodes
-openssl x509 -req -in kernel.csr -CA MOK.pem -CAkey MOK.key -CAcreateserial -out kernel.pem -days 730 -sha256
-```
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-03 09:42:54 +0000